Site Mobile Navigation

Worm Can Deal Double Blow to Nuclear Program

The German software engineer who in September was the first to report that a computer worm was apparently designed to sabotage targets in Iran said Friday that the program contained two separate “digital warheads.”

The malicious program, known as Stuxnet, is designed to disable both Iranian centrifuges used to enrich uranium and steam turbines at the Bushehr nuclear power plant, which is scheduled to begin operation next year, said the engineer, Ralph Langner, an industrial control systems specialist based in Hamburg, Germany.

“It’s an awful complex code that we are looking at,” said Mr. Langner, who has spent several months studying the program, which was discovered by a Russian antivirus company in June, after the company received complaints from Iranian customers. The link between the worm and an Iranian target was first made at an industrial systems cybersecurity conference in the Washington area on Sept. 20 by Mr. Langner.

In a statement Friday on his Web site, he described two different attack modules that are designed to run on different industrial controllers made by Siemens, the German industrial equipment maker. “It appears that warhead one and warhead two were deployed in combination as an all-out cyberstrike against the Iranian nuclear program,” he wrote.

In testimony before the Senate on Wednesday, federal and private industry officials said that the Iranian nuclear program was a probable target, but they stopped short of saying they had confirming evidence. Mr. Langner said, however, that he had found enough evidence within the programs to pinpoint the intended targets. He described his research process as being akin to being at a crime scene and examining a weapon but lacking a body.

An error has occurred. Please try again later.

You are already subscribed to this email.

The second code module — aimed at the nuclear power plant — was written with remarkable sophistication, he said. The worm moves from personal computers to Siemens computers that control industrial processes. It then inserts fake data, fooling the computers into thinking that the system is running normally while the sabotage of the frequency converters is taking place. “It is obvious that several years of preparation went into the design of this attack,” he wrote.

When asked about Mr. Langner’s new analysis, Eric Chien of Symantec said the company’s researchers had also seen evidence of a second attack module, but that the module was disabled in the version of Stuxnet they studied.

Mr. Langner is among a small group of industrial control specialists who warned that the widespread distribution of the Stuxnet code could lead to disaster. Equipment made by Siemens and its competitors is used around the globe to manage virtually all of the world’s transportation, power distribution and communications systems.

Joe Weiss, managing partner at Applied Control Systems, a consulting firm based in the Silicon Valley that organized the conference in September, said he was concerned that computer security organizations were not adequately conveying the potential for serious industrial sabotage that Stuxnet foretells.

“I just want the lights to stay on and water flowing, and people not dying,” he said.

A version of this article appears in print on November 20, 2010, on Page A8 of the New York edition with the headline: Iran Worm Can Deal Double Blow to Nuclear Program. Order Reprints|Today's Paper|Subscribe